<?php

/*
 * WON AJAX
 * http://code.google.com/p/w-o-n/
 *
 * Copyright (c) 2009 WON
 * licensed under the MIT (MIT-LICENSE.txt)
 */

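// Handle one "mark" submission posted by the map client.
//
// Required POST fields: lat, lng, service, status (all numeric, coordinates in
// range). Optional: comment. Replies with a short bilingual status string.
//
// Note: empty() treats "0" as missing, so a value of exactly 0 in any required
// field is answered with the "Please select service" message.
//
// NOTE(review): ext/mysql (mysql_*) was deprecated in PHP 5.5 and removed in
// PHP 7.0. The durable fix is mysqli/PDO prepared statements, which also means
// changing how wallornot-config.php opens $connection. Until then every
// request-derived value is cast or escaped before it reaches a query string.
if(!empty($_POST['lat']) && !empty($_POST['lng']) && !empty($_POST['service']) && !empty($_POST['status']) && is_numeric($_POST['lat']) && is_numeric($_POST['lng']) && is_numeric($_POST['service']) && is_numeric($_POST['status']) && abs($_POST['lat']) < 90 && abs($_POST['lng']) < 180 ) {
  require("wallornot-config.php"); // presumably defines $connection, used below - confirm

  // Set the connection charset before anything is escaped or queried.
  mysql_query("SET NAMES 'utf8'", $connection); //make sure it's unicode

  // The comment is optional and untrusted: tolerate a missing or non-string
  // value, strip tags, cap the length at 450 characters, then escape for SQL.
  // strip_tags() is not an output encoder; whatever page renders this column
  // still has to HTML-escape it.
  $rawComment = (isset($_POST['comment']) && is_string($_POST['comment'])) ? $_POST['comment'] : '';
  $comments = mysql_real_escape_string(mb_substr(strip_tags($rawComment),0,450), $connection);

  // is_numeric() also accepts forms such as exponents and leading whitespace,
  // so do not interpolate the raw request strings. The ids go into the query
  // unquoted and are therefore forced to integers; the coordinates are quoted
  // and escaped as defence in depth.
  $lat = mysql_real_escape_string($_POST['lat'], $connection);
  $lng = mysql_real_escape_string($_POST['lng'], $connection);
  $service = (int)$_POST['service'];
  $status = (int)$_POST['status'];

  //anonymize ip
  // NOTE(review): a salted MD5 of an IP address is pseudonymisation at best;
  // the IPv4 space is small enough to enumerate once the salt is known. The
  // salt below looks like a placeholder and should be a per-deployment secret
  // kept outside the source tree. Changing the hash changes the stored uip
  // values, so existing rate-limit history would no longer match.
  $salt = "add-a-little-salt";
  $encrypted = MD5($salt.$_SERVER["REMOTE_ADDR"]);

  //get action points: submissions from this client in the last 6 hours
  // $encrypted is a hex digest and $timelimit an integer, so both are safe to
  // concatenate here.
  $timelimit = time()-21600;
  $prequery = "SELECT COUNT(uip) actions FROM wall_marks WHERE uip = '".$encrypted."' && ts > ".$timelimit;

  $countResult = mysql_query($prequery, $connection);
  $limit = $countResult ? mysql_fetch_row($countResult) : false;

  if($limit === false) {
    // Fail closed: if the rate-limit count cannot be read, do not insert.
    // Previously a failed count query compared null < 20 and let the write
    // through, bypassing the limit.
    echo "Error Detected. 错误数据。";
  } else if((int)$limit[0] >= 20) {
    //no action points left
    echo "Limit reached, come back in 6 hours. <br/> 提交上限已到，请等待6小时再试。";
  } else {
    //only allow if user still has action points left
    $query = "INSERT INTO wall_marks (ts, lat, lng, tid, vid, uip, cmt) VALUES (".time().", '".$lat."', '".$lng."', ".$service.", ".$status.", '".$encrypted."', '".$comments."');";
    $result = mysql_query($query, $connection);
    if($result) {
      echo "Data saved. 数据已保存。";
    } else {
      echo "Error Detected. 错误数据。";
    }
  }
//not enough data
} else {
  echo "Please select service. <br/> 请选择服务。";
}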

?>